Unbound doesn't look for A records in cache

1 vote
0 answers
167 views
I deployed the unbound caching server; below is how it is deployed:

```
Client ---> InternalDNSServer(Windows) ---> ExternalDNSServer(RHEL) ---> GoogleDNS
```

From Localhost (unbound), if I do `dig +ttlunits somesite.com`, on the first try it goes to the Google DNS servers, and on the second try it checks the unbound cache and the query time is either 1 msec or 0 msec. tcpdump confirms that it is checking the internal cache.

But for any other client that is behind the InternalDNSServer, the query still goes to GoogleDNS.

Below is the unbound.conf content:

```
server:
    verbosity: 1
    statistics-interval: 0
    statistics-cumulative: no
    extended-statistics: yes
    num-threads: 4
    interface: 192.168.56.10
    interface-automatic: no
    so-reuseport: yes
    ip-transparent: yes
    do-ip4: yes
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.56.10/32 allow        # (unbound,Localhost)
    access-control: 10.30.10.1/32 allow_snoop     # (InternetDNSServer1)
    access-control: 10.30.11.2/32 allow_snoop     # (InternetDNSServer2)
    chroot: ""
    username: "unbound"
    directory: "/etc/unbound"
    logfile: /var/log/unbound/unbound.log
    log-queries: yes
    use-syslog: yes
    log-time-ascii: yes
    log-replies: yes
    pidfile: "/var/run/unbound/unbound.pid"
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    harden-below-nxdomain: yes
    harden-referral-path: yes
    unwanted-reply-threshold: 10000000
    prefetch: yes
    prefetch-key: yes
    rrset-roundrobin: yes
    minimal-responses: yes
    module-config: "ipsecmod validator iterator"
    trust-anchor-signaling: yes
    trusted-keys-file: /etc/unbound/keys.d/*.key
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    val-clean-additional: yes
    val-permissive-mode: no
    val-log-level: 1
    include: /etc/unbound/local.d/*.conf
    ipsecmod-enabled: no
    ipsecmod-hook: "/usr/libexec/ipsec/_unbound-hook"

python:

remote-control:
    control-enable: yes
    server-key-file: "/etc/unbound/unbound_server.key"
    server-cert-file: "/etc/unbound/unbound_server.pem"
    control-key-file: "/etc/unbound/unbound_control.key"
    control-cert-file: "/etc/unbound/unbound_control.pem"

forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
    forward-addr: 1.1.1.1
    forward-first: no

include: /etc/unbound/conf.d/*.conf
```

/etc/resolv.conf contents:

```
# Generated by NetworkManager
search privatedomain.com
nameserver 192.168.56.10
```

I'm confused why it is not looking in the cache for clients behind the InternalDNSServer.
Asked by OmiPenguin (4398 rep)
May 29, 2022, 05:01 AM
Last activity: May 29, 2022, 05:19 AM
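
With `log-replies: yes`, as in the configuration above, each reply line records the client address and a from-cache flag, so cache use can be compared per client on the server itself. The script below is an added example, not part of the original post: the sample log lines are constructed, the timestamp and process prefix are an assumption, and only the fields after `info:` are parsed.

```python
import re
from collections import Counter, defaultdict

# Fields unbound writes per reply with log-replies: client ip, qname, qtype,
# qclass, rcode, seconds to resolve, from-cache flag (1/0), size in bytes.
# The optional "reply: " tag appears when log-tag-queryreply is enabled.
REPLY_RE = re.compile(
    r"info: (?:reply: )?(?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) "
    r"(?P<qclass>\S+) (?P<rcode>\S+) (?P<secs>\d+\.\d+) (?P<cached>[01]) "
    r"(?P<size>\d+)\s*$"
)

# Constructed sample lines (not taken from the poster's log); prefix assumed.
SAMPLE_LOG = """\
May 29 05:01:10 unbound[2114:0] info: 192.168.56.10 somesite.com. A IN
May 29 05:01:10 unbound[2114:0] info: 192.168.56.10 somesite.com. A IN NOERROR 0.031842 0 56
May 29 05:01:15 unbound[2114:0] info: 192.168.56.10 somesite.com. A IN NOERROR 0.000000 1 56
May 29 05:02:01 unbound[2114:1] info: 10.30.10.1 somesite.com. A IN NOERROR 0.029511 0 56
May 29 05:02:09 unbound[2114:1] info: 10.30.10.1 somesite.com. A IN NOERROR 0.030077 0 56
May 29 05:02:09 unbound[2114:1] info: 10.30.10.1 somesite.com. AAAA IN NOERROR 0.000000 1 84
"""

def cache_stats(lines, qtype="A"):
    """Per-client cache hits and misses for one query type."""
    hits = Counter()
    misses = defaultdict(Counter)  # client -> qname -> uncached replies
    for line in lines:
        m = REPLY_RE.search(line)
        if m is None or m["qtype"] != qtype:
            continue  # log-queries lines and other record types are skipped
        if m["cached"] == "1":
            hits[m["client"]] += 1
        else:
            misses[m["client"]][m["qname"]] += 1
    report = {}
    for client in set(hits) | set(misses):
        per_name = misses[client]
        report[client] = {
            "hits": hits[client],
            "misses": sum(per_name.values()),
            # names resolved upstream more than once for the same client
            "repeat_misses": sorted(n for n, c in per_name.items() if c > 1),
        }
    return report

if __name__ == "__main__":
    for client, row in sorted(cache_stats(SAMPLE_LOG.splitlines()).items()):
        print(client, row)
```

A client whose `repeat_misses` list keeps growing is the one to compare against a working client in the `log-queries` lines, checking that the query name, type and class are identical.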